557 Open source projects that are alternatives of or similar to Xss Payload List

Cross Site "Scripter" (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications.

Modern Web Firewall: stop account takeovers, weak passwords, cloud IPs, DoS attacks, disposable emails

An automated approach to performing recon for bug bounty hunting and penetration testing.

An automated target reconnaissance pipeline.

Subdomain enumeration tool, asynchronous dns packets, use pcap to scan 1600,000 subdomains in 1 second

Use a Fake image.jpg to exploit targets (hide known file extensions)

🐰 Managing command snippets for hackers/bug bounty hunters. with pet.

A Storehouse of resources related to Bug Bounty Hunting collected from different sources. Latest guides, tools, methodology, platforms tips, and tricks curated by us.

Automated NoSQL database enumeration and web application exploitation tool.

Your Google Recon is Now Automated

Demo of a Vue.js app that mixes both clientside templates and serverside templates leading to an XSS vulnerability

Cleans HTML to avoid XSS attacks

渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss penetration-testing-poc csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms

渗透测试☞经验/思路/总结/想法/笔记

Python Remote Administration Tool (RAT)

Host Header Injection Checker

Extract API keys from file or url using by magic of python and regex.

对springSecurity进行二次开发，提供OAuth2授权(支持跨域名，多应用授权)、JWT、SSO、文件上传、权限系统无障碍接入、接口防刷、XSS、CSRF、SQL注入、三方登录(绑定，解绑)、加密通信等一系列安全场景的解决方案

一款完善的安全评估工具，支持常见 web 安全问题扫描和自定义 poc | 使用之前务必先阅读文档

Web Application recon automation

Automated Red Team Infrastructure deployement using Docker

differer finds how URLs are parsed by different languages in order to help bug hunters break filters

CloudScraper: Tool to enumerate targets in search of cloud resources. S3 Buckets, Azure Blobs, Digital Ocean Storage Space.

Simultaneously execute various subdomain enumeration tools and aggregate results.

BigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation.

Feature-rich Post Exploitation Framework with Network Pivoting capabilities.

An effort to build a single place for all useful android and iOS security related stuff. All references and tools belong to their respective owners. I'm just maintaining it.

sub domain wild card filtering tool

This repo is about @harshbothra_ 365 days of learning Tweet & Mindmap collection

CamRaptor is a tool that exploits several vulnerabilities in popular DVR cameras to obtain network camera credentials.

The Swiss Army knife for automated Web Application Testing

vAPI is Vulnerable Adversely Programmed Interface which is Self-Hostable API that mimics OWASP API Top 10 scenarios through Exercises.

Collection of small security tools, mostly in Bash and Python. CTFs, Bug Bounty and other stuff.

A Python library to utilize AWS API Gateway's large IP pool as a proxy to generate pseudo-infinite IPs for web scraping and brute forcing.

解析VIP资源，解析出酷狗、QQ音乐、腾讯视频、人人视频的真实地址

Framework for rapid development and reusable of security tools

Build Content-Security-Policy headers from a JSON file (or build them programmatically)

checksum-reproducible tar archives (utility/library)

SSTI Payload Generator

This repository created for personal use and added tools from my latest blog post.

Writing custom backdoor payloads with C# - Defcon 27 Workshop

Metasploit Cheat Sheet 💣

Infosec Wordlists

Running nuclei Continuously

A tool designed to assist with finding all sinks and sources of a web application and display these results in a digestible manner.

Exploit Discord's cache system to remote upload payloads on Discord users machines

A Python3 based single-file subdomain enumerator

a recon tool that allows searching on URLs that are exposed via shortener services

This repository contains payload to test NoSQL Injections

Web漏洞演练平台

Subdomain discovery using the power of 'The Rapid7 Project Sonar datasets'

A phased, evasive Path Traversal + LFI scanning & exploitation tool in Python

A tool to find subdomains and interesting things hidden inside, external Javascript files of page, folder, and Github.

Web Application Security Scanner Framework

Commodity Injection Signatures, Malicious Inputs, XSS, HTTP Header Injection, XXE, RCE, Javascript, XSLT

Cross Origin Resource Sharing MisConfiguration Scanner

Given a list of hosts, this small utility fetches all whitelisted domains from the hosts' CSPs.

Semantic Java API Library for NEM Platform

Automated reconnaissance wrapper — TomNomNom's meg on steroids. [DEPRECATED]

Awesome cloud enumerator